When an organization is hacked, everyone has questions. What was breached? How did it happen? Who is responsible? Ransomware victims want to know how long before they regain access to mission-critical information. Company leaders ask what they can do to prevent it from happening again.
For answers to these and other important questions, organizations turn to digital forensic investigators.
What is digital forensics?
The National Institute of Standards and Technology (NIST) defines digital forensics as the application of science to the identification, collection, examination and analysis of data — while preserving the integrity of the information and maintaining a strict chain of custody. Put more simply, it’s the scientific process of collecting information and artifacts around a cyber incident.
A digital forensics career includes analyzing digital information to further investigations and solve cybercrimes. Ultimately, digital forensics investigators work in support of the victim, or the organization suffering a cyberattack, yet their employer is usually either a public or private organization that has been tasked with helping the victim understand the attack, its mechanisms and how to recover.
Ondrej Krehel is the chief executive officer and founder of digital forensics firm LIFARS and his professional experience spans the public